Out of 50 top government information technology contractors, 49 aren’t completely securing their email systems against spoofing and phishing attacks, according to a study released Wednesday.
Only one of those contractors, Engility, is rejecting spam and phishing emails that use its domains entirely. Another, Tetra Tech, is warning recipients those emails are questionable and possibly sending them to spam or quarantine folders, according to research from the Global Cyber Alliance, a cybersecurity advocacy organization. Eyal Benishti, CEO & Founder at IRONSCALES commented below.
Eyal Benishti, CEO & Founder at IRONSCALES:
“As phishing continues to be the catalyst to data breaches and malware infections suffered by millions across the World, it is concerning to see that those with access to potentially sensitive data, failing to incorporate such a basic element of security. Without the implementation of DMARC, cybercriminals can quite easily take over an individual’s email address, and use it to get their hands on money, personal information, and in this case, sensitive government information; fraudsters could go on to cause endless amounts of trouble.
DMARC allows what would be a faked email server to tell the recipient of the scam that the email is not actually legit, thus avoiding what could potentially be a cybersecurity nightmare; the recipient is informed to take action by deleting the email, moving it to the spam folder or do nothing at all.
However, it must be noted that DMARC is not a silver bullet against spoofing and impersonation, and so other advanced means of protection from these kinds of scams must not be disregarded.”